My research goal is to make computer systems safer and more reliable. With the large degree that computing has permeated our lives, from mobile smartphones to ubiquitous cloud computing, it is crucial that this infrastructure that we rely so heavily on be secure and reliable. I take a variety of approaches to achieving this goal, including techniques using operating systems, computer architecture, formal verification and networking. I like building prototypes with my students to demonstrate our ideas and some projects I am currently working on include:

Smartphone Security and Reliability: In 2010, there were more smartphones shipped than desktop PCs and the trend is continuing. For many users, the smartphone will be the main device they use to interact with the Internet. We are in an environment where users will likely own multiple devices that must all interact with each other, including a phone, a tablet, PCs and game consoles. To this end, I am interested in building smartphone operating systems and software that seeks to be secure, reliable and intuitive. We are working on building systems such as Unicorn and Mercury, which leverage the capabilities of smartphones to help protect users against malware and phishing. Most recently, we have explored using smartphones to secure data stored in the cloud in a system called Caelus. In addition, I believe smartphones themselves need to be secure, so we've built a couple of tools such as PScout (source code and datasets here), and IntelliDroid to help understand and secure smartphones.

Security in Cloud Computing: Cloud computing offers a new exciting form of service to users in need of compute infrastructure. It provides users a pay-as-you-go model, and allows users to outsource costs such as management, power and cooling, procurement and provisioning. Unfortunately, cloud computing poses serious security concerns. Users want to ensure the security of their data and code while executing in the cloud. At the same time, cloud providers want to protect their infrastructure from being abused. We elaborate on these issues in our HotOS paper, VEE paper, and our paper on location-based SLAs on cloud providers. We have also been exploring the use of trusted computing to protect user data stored in the cloud using a system called Unicorn. More recently we have been working on Unity, an untrusted cloud storage system, and H-One, an IaaS cloud auditing framework. We have built and studied Caelus, a system that uses a smartphone to monitor a cloud for malicious activity. You can also check out our survey on the State of IaaS Cloud Security.

System reliability: With the complexity of computer systems today, it is all too easy for them to become misconfigured. One of our research goals is to reduce the pain of system configuration and make misconfiguration repair easier. To that end, our tool Ocasta uses unsupervised machine learning to infer which configuration settings might be related and uses an automated configuration search and rollback tool to semi-automate the repair of configuration errors. Following on this work, we have also explored the use of automatically generated software workarounds that can be used to rapidly mitigate security vulnerabilities. These software workarounds for rapid response (SWRRs) are automatically generated by a tool called Talos, and can mitigate more than 2x more vulnerabilities than traditional configuration workarounds.

Recent News

October, 2017: A paper describing a project I worked on at Google will appear at SOSP 2017. It describes Prochlo, a system that provides strong privacy guarantees for large data sets using a combination of principles from differential privacy and an architecture that uses SGX to ensure trust is distributed among several components.

September, 2017: I'm back from sabbatical! Also, I'd like to welcome new students Shirley, Vasily, Pushkar and Shawn to the group!

May, 2017: Congratulations to Mariana on successfully defending and graduating with her MASc thesis!

May, 2017: We have two papers that will appear at HotOS this year! Ben has published his work on Consistency Oracles and I also managed to get some work on Glimmers, which I have been doing on sabbatical at Google, published.

May, 2016: I'm pleased to announce that the source code for our IntelliDroid project has been released here.

May, 2016: Congratulations to Dhaval for successfully defending his Master's. We wish him all the best as he starts his job at NVIDIA!

March, 2016: James (Zhen)'s paper on automatically generated Software Workarounds for Rapid Response (SWRRs) was accepted at Oakland 2016. You can read the paper here! Great work James!

February, 2016: Michelle just gave an awesome talk on IntelliDroid at NDSS 2016! We plan to share the source code soon so please check back here shortly for more information on where the code will be available.

February, 2016: Congratulations to Sukwon Oh on completing his Master's thesis. Welcome to the PhD program Sukwon!

January, 2013: I will have one or two summer undergraduate research positions open through the NSERC USRA program. 2nd and 3rd year students will be given preference. Please send me a copy of your transcript and a resume/CV if interested.

November, 2012: Kathy Au just successfully defended her MASc thesis and will be joining Google next year. Congratulations Kathy!

September 26, 2012: We've made the PScout source code and permission maps available here. Hope you find them useful!

August 15, 2012: We have two workshop papers at CCS this year. A paper on Unity, a system that provides secure cloud storage by Ben Kim and Wei Huang at CCSW 2012, and a paper on H-One, an IaaS cloud auditing proposal by Afshar Ganjali.

July 20, 2012: Kathy's paper on Android permission analysis using PScout was accepted at CCS 2012! You can read about the tool and the analysis here.

March 1, 2012: I'm starting a 2.5-year stint as the Associate Chair of Graduate Studies for ECE at U of T. Wish me luck!

February 6, 2012: The folks at UT Austin were nice enough to write a news article about Unicorn after my recent visit there.

August 21, 2011: Our position paper on how and why one should build tools to automatically populate permission lists for smartphone operating systems will appear at SPSM 2011.

August 12, 2011: We have a cool paper at CCS this year introducing a novel technique, called two-factor attestation, which raises the bar against attacks that use malware or phishing to get at personal data. Read about Unicorn, our prototype system that demonstrates this idea.

December 20, 2010: Lionel's paper on Patch Auditing in public clouds was accepted at VEE 2011! You can read the paper here.

December 17, 2010: Mannan's paper on Mercury, a system for secure password recovery, will appear at FC 2011. In this paper, we describe a cool way to recover your password simply and easily using a mobile phone.

June 1, 2010: Phillipa's paper on subverting measurement-based IP geolocation was accepted at USENIX Security 2010! It turns out that they can be subverted, and that surprisingly, the more advanced and precise the technique, the more susceptible it is.

February 8, 2010: Lee's paper on Kivati was accepted in EuroSys 2010! Kivati describes a system that leverages hardware watchpoints to quickly detect and prevent atomicity violations at run time.

June 22, 2009: David Lie has been promoted to Associate Professor with tenure.

Students

Post-Doctoral Fellows: I have several post-doctoral fellowship positions open. Please click here for the job description and criteria. Prospective candidates should fill out this form.

Graduate Students: I am always looking for graduate students who enjoy building software/hardware systems. The required background is a solid understanding of operating systems and computer systems, with practical experience writing and implementing software. Security background is desirable but not required.
I get many requests for supervision from prospective students and, unfortunately, don't have time to respond to every one. If you take the time to read one of my papers and send me suggestions on follow-up work or improvements that you would be interested in pursuing, then you will be more likely to get a response from me.

If you are interested in applying for graduate studies in ECE, please go here for the application procedure. I supervise students from ECE and CS; if you are not sure which department to apply to, please send me an e-mail. You can find information on my current students here.

Undergraduate Students: I'm looking for strong undergraduate students with interests in computer security. 2nd and 3rd year students will be given preference. If interested, please fill out this application form.